Repository : ssh://git@open-mesh.org/batmand

On branch : master

commit 58480ca5e0086449d41425bcd2e48ee948c5b8db Author: Sven Eckelmann sven@narfation.org Date: Sun Sep 15 17:43:48 2013 +0200

It is not necessary to call an external binary to clear the screen of a default unix terminal emulator. The external call using system("clear") may be used by an attacker to get untrusted code called with an higher privilege because batmand has to be run using uid 0.

Signed-off-by: Sven Eckelmann sven@narfation.org

58480ca5e0086449d41425bcd2e48ee948c5b8db posix/init.c | 3 ++- posix/posix.c | 3 ++- posix/unix_socket.c | 3 ++- 3 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/posix/init.c b/posix/init.c index 9cefe73..308e476 100644 --- a/posix/init.c +++ b/posix/init.c @@ -719,7 +719,8 @@ more_hna: } else if ( strncmp( buff_ptr, "BOD", 3 ) == 0 ) {

if ( !batch_mode ) - system( "clear" ); + /* clear screen, set cursor back to 0,0 */ + printf("\033[2J\033[0;0f");

} else {

diff --git a/posix/posix.c b/posix/posix.c index 81cd2e1..5cdf417 100644 --- a/posix/posix.c +++ b/posix/posix.c @@ -181,7 +181,8 @@ static void bat_wait( int32_t T, int32_t t ) {

void print_animation( void ) {

- system( "clear" ); + /* clear screen, set cursor back to 0,0 */ + printf("\033[2J\033[0;0f"); BAT_LOGO_END( 0, 50 );

sym_print( 0, 3, "." ); diff --git a/posix/unix_socket.c b/posix/unix_socket.c index fc9983b..11c96b2 100644 --- a/posix/unix_socket.c +++ b/posix/unix_socket.c @@ -100,7 +100,8 @@ void debug_output(int8_t debug_prio, const char *format, ...) { dprintf(debug_level_info->fd, "[%10u] ", get_time_msec());

if (((debug_level == 1) || (debug_level == 2)) && (debug_level_info->fd == 1) && (strncmp(format, "BOD", 3) == 0)) - system("clear"); + /* clear screen, set cursor back to 0,0 */ + printf("\033[2J\033[0;0f");

if (((debug_level != 1) && (debug_level != 2)) || (debug_level_info->fd != 1) || (strncmp(format, "EOD", 3) != 0)) vdprintf(debug_level_info->fd, format, args);